[help] nat

alexis.fecourt · November 25, 2005, 4:40pm

Hi ,

I have a NAT problem…

That is the network configuration (the Asterisk server has 2 intefaces) :

***** sip.conf *****

[general]
context=default
language=us
insecure=invite
auth=plaintext
bindport=5060
bindaddr=0.0.0.0
allow=ilbc
srvlookup=yes
externip=172.17.70.247
localnet=10.0.0.0/255.0.0.0
nat=yes
register => 0141877002@172.17.69.107/7002

[7002]
type=friend
callerid=“SJphone” <7002>
context=local
host=dynamic
disallow=all
allow=gsm
allow=ulaw
allow=alaw
allow=ilbc
allow=speex

**** extensions.conf ****

[general]
static=yes
writeprotect=no
autofallthrough=yes
clearglobalvars=no
priorityjumping=no
insecure=invite

[globals]

[default]
include => local

[local]
exten => 7002,1,Dial(SIP/7002,10,tT)
exten => 0675464598,1,Dial(SIP/0675464598@172.17.68.107)

Now I try to call the intern phone (7002) from the outside (0675464598), I capture the frame with ethereal, every thing is ok :

But if I call the outside from the inside !

There is clearly a problem with an additional SIP INVITE send by Asterisk which contains a bad SDP: Asterisk says to communicate directly !

Frame 14 (816 bytes on wire, 816 bytes captured)
Internet Protocol, Src: 172.17.70.247 (172.17.70.247), Dst: 172.17.69.107 (172.17.69.107)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
Session Initiation Protocol
Request-Line: INVITE sip:0675464598@172.17.69.107:5060 SIP/2.0
Message body
Session Description Protocol
Connection Information ©: IN IP4 10.51.51.52

Frame 16 (751 bytes on wire, 751 bytes captured)
Internet Protocol, Src: 10.51.51.51 (10.51.51.51), Dst: 10.51.51.52 (10.51.51.52)
User Datagram Protocol, Src Port: 5060 (5060), Dst Port: 5060 (5060)
Session Initiation Protocol
Request-Line: INVITE sip:7002@10.51.51.52:5060 SIP/2.0
Message body
Session Description Protocol
Connection Information ©: IN IP4 172.17.68.254

It should not send the direct IP of the phones !

I solved the problem by forcing the use of different codec: the internal phone uses GSM and the external one uses iLBC. With that configuration Asterisk does his proxy job. But I am looking for a better solution.

Please help me.

Alexis.

greyhound · November 25, 2005, 5:25pm

Sorry I can’t help. Still a little wet behind the ears.

But I wanted to comment and ask a question:

Comment: slick diagram of the network!

Question: does ethereal produce those communication graphs automatically? If not, how did you produce them? Last time I used ethereal, a few years ago, I don’t recall seeing anything like that. It’s quite a nice way to visualize the exchange!

Thanks.
john

rightbrain · November 25, 2005, 6:19pm

Have you tried “canreinvite=no” yet?

netjunkie · November 26, 2005, 6:50pm

There is an amazing tool called siproxy and can be found on sourceforge. It is robust, feature rich and gets the job done.

We have it running on a cluster and allows us to present 10 cluster nodes to our clients as a “single asterisk box”.

can do both in/outbound proxying.

alexis.fecourt · November 28, 2005, 8:31am

Hi,

I use Ethereal Version 0.10.13, and I do the graphs with it : Statistics/Flow Graph…

I will search about canreinvite. Thanks.

Alexis.

alexis.fecourt · November 28, 2005, 8:54am

canreinvite=no is the solution.

Topic		Replies	Views
Asterisk SIP NAT Config Asterisk Support	0	262	June 7, 2011
Asterisk With NAT Asterisk Support	5	233	February 2, 2012
Having trouble with externalip Asterisk Support	2	179	January 10, 2014
Sip.conf, problems with NAT and externip Asterisk SIP	4	3487	May 24, 2020
Difficult Geting SIP To work outside of LAN Asterisk Support	2	326	February 28, 2008

[help] nat

Related topics